Analysis
-
max time kernel
152s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01-12-2022 16:20
General
-
Target
474111655e52390d024b3a3388666331.exe
-
Size
37KB
-
MD5
474111655e52390d024b3a3388666331
-
SHA1
e5f56fabeb4d771bfad57bb9d2eb2c25ec4fa05b
-
SHA256
9a606cde6920bbb79b316c8ccab52faf4c11ddd20dfaa564a04bca15785ee465
-
SHA512
a680c5909425a6ad9269c51f2da4a6251c58995c8f272459a94556b3e5279cc457b1787f4ae135e7c2eb800f398d8453549fa8a6ed5fda53d2f1ef3711dc7485
-
SSDEEP
384:EeLx1kit8Zf5W9cTYXyc/bBM0izvncnPMIurAF+rMRTyN/0L+EcoinblneHQM3eY:pLxKjjTYic/be0PM/rM+rMRa8NuQBt
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 31 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\474111655e52390d024b3a3388666331.exe"C:\Users\Admin\AppData\Local\Temp\474111655e52390d024b3a3388666331.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\474111655e52390d024b3a3388666331.exe" "474111655e52390d024b3a3388666331.exe" ENABLE2⤵
- Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/740-132-0x0000000074BA0000-0x0000000075151000-memory.dmpFilesize
5.7MB
-
memory/740-133-0x0000000074BA0000-0x0000000075151000-memory.dmpFilesize
5.7MB
-
memory/4680-134-0x0000000000000000-mapping.dmp